Want to set yubico serial number at instantiation

Question

Want to set yubico serial number at instantiation

Opened this issue 4 years ago · 2 comments

In #28 and #25 it's become apparent that it would be nice to be able to customise the Yubico serial number used by the applet, probably at applet instantiation time

Answer 1 · 2020-06-07T17:36:28.000Z

This would potentially be useful for key derivation schemes.

I'm planning on using Thales HSMs to generate a management key at some point, and it would be nice to generate a serial number at the same time as the key, with the key being a function of the generated serial.

Answer 2 · 2022-01-12T03:27:25.000Z

I have an in-progress patch that has this as one of the features. I'll be doing a pull request once it's cleaned up and fleshed out.

I'm using the tag 0x80 (context sensitive) for the parameter collection, and 0xFD (from the APDU to get the serial number). I'm also going to be adding tags to set the FASC-N and CHUID, and strict contactless mode.